Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/lj7ccZfqS-FFk18wsLdt8Gz-v5A.roa
File: lj7ccZfqS-FFk18wsLdt8Gz-v5A.roa (raw, json)
Hash identifier: KCALXbxTpSnyZWLolbJmImcNASMyRwlkk+pWjgNP4nc=
Subject key identifier: 96:3E:DC:71:97:EA:4B:E1:45:93:5F:30:B0:B7:6D:F0:6C:FE:BF:90
Certificate issuer: /CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Certificate serial: 018D13D7EE73FDB42A6C2780C49850F5CFFA
Authority key identifier: F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/lj7ccZfqS-FFk18wsLdt8Gz-v5A.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 195.69.148.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ee:73:fd:b4:2a:6c:27:80:c4:98:50:f5:cf:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=963edc7197ea4be145935f30b0b76df06cfebf90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:17:ee:04:20:e7:b2:f1:19:e6:ed:7b:fa:6c:
78:7f:9f:fe:f0:23:37:3c:86:32:ec:73:6a:59:5a:
d6:a9:2c:e8:7c:27:0f:3c:f8:9e:8b:a1:bf:b5:7c:
c6:b8:6f:c7:48:f8:76:c6:50:fe:cf:73:c0:da:16:
8c:9b:76:ad:c6:b5:0f:b8:84:62:be:b4:31:0c:b5:
5b:3c:1b:3e:8b:4c:58:5d:ed:46:66:30:d3:e0:f6:
24:15:4b:00:f4:a4:9c:8d:d6:53:e0:1c:07:8d:8a:
40:d5:c8:b5:66:a9:84:84:95:6a:3f:a0:4f:66:8e:
11:70:01:a5:da:a5:a1:e5:36:af:7b:68:d7:f7:ba:
58:bf:8c:11:c7:13:98:5f:60:82:f1:b7:28:9d:66:
0c:94:48:33:6e:b5:b6:45:6d:e4:c4:89:16:8c:2e:
0c:ef:eb:fd:41:d4:d3:81:a4:5f:53:eb:05:44:2c:
b6:06:73:30:f4:05:ee:78:e2:8c:5e:d0:e0:02:7b:
8a:c0:48:d9:3b:54:a4:a9:09:ea:bb:f6:5e:41:2b:
7d:d6:3a:f8:81:bc:6a:94:d2:fa:06:7e:5e:07:54:
f9:a2:13:78:72:d9:f9:23:0b:45:78:ab:8f:ce:06:
92:35:01:b6:c9:91:03:f1:81:90:e8:ff:cf:bd:16:
76:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:3E:DC:71:97:EA:4B:E1:45:93:5F:30:B0:B7:6D:F0:6C:FE:BF:90
X509v3 Authority Key Identifier:
keyid:F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/lj7ccZfqS-FFk18wsLdt8Gz-v5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.69.148.0/24
Signature Algorithm: sha256WithRSAEncryption
77:8d:b3:21:3b:a8:0a:21:5b:44:15:68:74:71:61:a6:08:81:
4d:00:8f:db:a8:6b:32:e0:c3:a0:06:ed:fb:42:51:1f:1e:65:
ca:13:0f:8c:10:3e:8f:c1:c1:89:3c:26:e7:4b:53:82:0f:3e:
3d:88:eb:69:55:40:f0:88:74:47:48:3b:be:30:fa:2d:f7:af:
03:ca:fc:d4:11:12:30:15:13:91:a5:64:d8:3d:2e:ee:14:83:
29:96:00:63:1b:4b:21:06:ca:d8:a4:7d:73:ef:ad:47:0b:43:
7d:c8:bf:6b:0b:8b:a8:18:e3:53:72:18:37:0c:ad:17:3b:70:
34:49:9a:c2:4f:7c:a1:89:41:60:49:bc:e1:3d:11:fc:87:8f:
7b:04:af:8f:fb:f7:59:e8:ef:35:b9:49:f9:90:50:fc:ec:33:
44:24:42:2a:40:24:7b:7d:6f:78:98:08:eb:4f:ba:3b:dd:1e:
40:f2:a7:3e:45:e5:16:d0:3d:06:70:3f:b2:1a:0f:49:45:cf:
d1:07:98:d1:ca:2c:6f:aa:e7:f3:ae:59:0b:58:6b:1c:22:e8:
80:0b:69:a1:f5:3c:8f:8b:a7:95:60:8b:b9:78:cc:58:5b:79:
94:d4:0f:08:05:4c:a0:e7:56:23:6b:4c:90:59:0e:ee:8d:57:
15:48:97:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY0T1+5z/bQqbCeAxJhQ9c/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2E1NDZiNjZlMjQ0OWNlNjI4NDMyZGQ4MGFkNmQ0ZDAw
Y2QwM2UwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjNlZGM3MTk3ZWE0YmUxNDU5MzVmMzBiMGI3NmRmMDZjZmViZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixfuBCDnsvEZ5u17+mx4f5/+8CM3
PIYy7HNqWVrWqSzofCcPPPiei6G/tXzGuG/HSPh2xlD+z3PA2haMm3atxrUPuIRi
vrQxDLVbPBs+i0xYXe1GZjDT4PYkFUsA9KScjdZT4BwHjYpA1ci1ZqmEhJVqP6BP
Zo4RcAGl2qWh5Tave2jX97pYv4wRxxOYX2CC8bconWYMlEgzbrW2RW3kxIkWjC4M
7+v9QdTTgaRfU+sFRCy2BnMw9AXueOKMXtDgAnuKwEjZO1SkqQnqu/ZeQSt91jr4
gbxqlNL6Bn5eB1T5ohN4ctn5IwtFeKuPzgaSNQG2yZED8YGQ6P/PvRZ2awIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJY+3HGX6kvhRZNfMLC3bfBs/r+QMB8GA1UdIwQY
MBaAFPl6VGtm4kSc5ihDLdgK1tTQDNA+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YcFVhMmJpUkp6bUtFTXQyQXJXMU5BTTBENC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdl
LTBiMWI2NjQxYjhhMi8xL2xqN2NjWmZxUy1GRmsxOHdzTGR0OEd6LXY1QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdlLTBiMWI2NjQxYjhh
Mi8xLzEtWHBVYTJiaVJKem1LRU10MkFyVzFOQU0wRDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDRZQw
DQYJKoZIhvcNAQELBQADggEBAHeNsyE7qAohW0QVaHRxYaYIgU0Aj9uoazLgw6AG
7ftCUR8eZcoTD4wQPo/BwYk8JudLU4IPPj2I62lVQPCIdEdIO74w+i33rwPK/NQR
EjAVE5GlZNg9Lu4UgymWAGMbSyEGytikfXPvrUcLQ33Iv2sLi6gY41NyGDcMrRc7
cDRJmsJPfKGJQWBJvOE9EfyHj3sEr4/791no7zW5SfmQUPzsM0QkQipAJHt9b3iY
COtPujvdHkDypz5F5RbQPQZwP7IaD0lFz9EHmNHKLG+q5/OuWQtYaxwi6IALaaH1
PI+Lp5Vgi7l4zFhbeZTUDwgFTKDnViNrTJBZDu6NVxVIl/s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:43 2024 by rpki-client on console-fra.rpki-client.org